feat(react): MFA TOTP assertion flow

Author: Ehesp

packages/react/src/auth/forms/mfa/totp-multi-factor-assertion-form.test.tsx

@@ -0,0 +1,207 @@
+/**
+ * @license
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { render, screen, renderHook, cleanup } from "@testing-library/react";
+import {
+  TotpMultiFactorAssertionForm,
+  useTotpMultiFactorAssertionFormAction,
+} from "./totp-multi-factor-assertion-form";
+import { act } from "react";
+import { signInWithMultiFactorAssertion } from "@firebase-ui/core";
+import { createFirebaseUIProvider, createMockUI } from "~/tests/utils";
+import { registerLocale } from "@firebase-ui/translations";
+import { TotpMultiFactorGenerator } from "firebase/auth";
+
+vi.mock("@firebase-ui/core", async (importOriginal) => {
+  const mod = await importOriginal<typeof import("@firebase-ui/core")>();
+  return {
+    ...mod,
+    signInWithMultiFactorAssertion: vi.fn(),
+  };
+});
+
+vi.mock("firebase/auth", async (importOriginal) => {
+  const mod = await importOriginal<typeof import("firebase/auth")>();
+  return {
+    ...mod,
+    TotpMultiFactorGenerator: {
+      assertionForSignIn: vi.fn(),
+    },
+  };
+});
+
+describe("useTotpMultiFactorAssertionFormAction", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("should return a function", () => {
+    const mockUI = createMockUI();
+    const { result } = renderHook(() => useTotpMultiFactorAssertionFormAction(), {
+      wrapper: ({ children }) => createFirebaseUIProvider({ children, ui: mockUI }),
+    });
+
+    expect(typeof result.current).toBe("function");
+  });
+
+  it("should call TotpMultiFactorGenerator.assertionForSignIn and signInWithMultiFactorAssertion", async () => {
+    const mockUI = createMockUI();
+    const mockAssertion = { assertion: true };
+    const signInWithMultiFactorAssertionMock = vi.mocked(signInWithMultiFactorAssertion);
+    const mockHint = {
+      factorId: "totp" as const,
+      uid: "test-uid",
+      enrollmentTime: "2023-01-01T00:00:00Z",
+    };
+
+    vi.mocked(TotpMultiFactorGenerator.assertionForSignIn).mockReturnValue(mockAssertion as any);
+
+    const { result } = renderHook(() => useTotpMultiFactorAssertionFormAction(), {
+      wrapper: ({ children }) => createFirebaseUIProvider({ children, ui: mockUI }),
+    });
+
+    await act(async () => {
+      await result.current({ verificationCode: "123456", hint: mockHint });
+    });
+
+    expect(TotpMultiFactorGenerator.assertionForSignIn).toHaveBeenCalledWith("test-uid", "123456");
+    expect(signInWithMultiFactorAssertionMock).toHaveBeenCalledWith(expect.any(Object), mockAssertion);
+  });
+});
+
+describe("<TotpMultiFactorAssertionForm />", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    cleanup();
+  });
+
+  it("should render the form correctly", () => {
+    const mockUI = createMockUI({
+      locale: registerLocale("test", {
+        labels: {
+          verificationCode: "verificationCode",
+          verifyCode: "verifyCode",
+        },
+      }),
+    });
+
+    const mockHint = {
+      factorId: "totp" as const,
+      uid: "test-uid",
+      enrollmentTime: "2023-01-01T00:00:00Z",
+    };
+
+    const { container } = render(
+      createFirebaseUIProvider({
+        children: <TotpMultiFactorAssertionForm hint={mockHint} />,
+        ui: mockUI,
+      })
+    );
+
+    const form = container.querySelectorAll("form.fui-form");
+    expect(form.length).toBe(1);
+
+    expect(screen.getByRole("textbox", { name: /verificationCode/i })).toBeInTheDocument();
+
+    const verifyCodeButton = screen.getByRole("button", { name: "verifyCode" });
+    expect(verifyCodeButton).toBeInTheDocument();
+    expect(verifyCodeButton).toHaveAttribute("type", "submit");
+  });
+
+  it("should accept onSuccess callback prop", () => {
+    const mockUI = createMockUI({
+      locale: registerLocale("test", {
+        labels: {
+          verificationCode: "verificationCode",
+        },
+      }),
+    });
+
+    const mockHint = {
+      factorId: "totp" as const,
+      uid: "test-uid",
+      enrollmentTime: "2023-01-01T00:00:00Z",
+    };
+    const onSuccessMock = vi.fn();
+
+    expect(() => {
+      render(
+        createFirebaseUIProvider({
+          children: <TotpMultiFactorAssertionForm hint={mockHint} onSuccess={onSuccessMock} />,
+          ui: mockUI,
+        })
+      );
+    }).not.toThrow();
+  });
+
+  it("should render form elements correctly", () => {
+    const mockUI = createMockUI({
+      locale: registerLocale("test", {
+        labels: {
+          verificationCode: "verificationCode",
+          verifyCode: "verifyCode",
+        },
+      }),
+    });
+
+    const mockHint = {
+      factorId: "totp" as const,
+      uid: "test-uid",
+      enrollmentTime: "2023-01-01T00:00:00Z",
+    };
+
+    render(
+      createFirebaseUIProvider({
+        children: <TotpMultiFactorAssertionForm hint={mockHint} />,
+        ui: mockUI,
+      })
+    );
+
+    expect(screen.getByRole("textbox", { name: /verificationCode/i })).toBeInTheDocument();
+    expect(screen.getByRole("button", { name: "verifyCode" })).toBeInTheDocument();
+  });
+
+  it("should render input field for TOTP code", () => {
+    const mockUI = createMockUI({
+      locale: registerLocale("test", {
+        labels: {
+          verificationCode: "verificationCode",
+        },
+      }),
+    });
+
+    const mockHint = {
+      factorId: "totp" as const,
+      uid: "test-uid",
+      enrollmentTime: "2023-01-01T00:00:00Z",
+    };
+
+    render(
+      createFirebaseUIProvider({
+        children: <TotpMultiFactorAssertionForm hint={mockHint} />,
+        ui: mockUI,
+      })
+    );
+
+    const input = screen.getByRole("textbox", { name: /verificationCode/i });
+    expect(input).toBeInTheDocument();
+  });
+});

packages/react/src/auth/forms/mfa/totp-multi-factor-assertion-form.tsx

@@ -1,3 +1,90 @@
-export function TotpMultiFactorAssertionForm() {
-  return <div>TODO: TotpMultiFactorAssertionForm</div>;
+import { useCallback } from "react";
+import { TotpMultiFactorGenerator, type MultiFactorInfo } from "firebase/auth";
+import { signInWithMultiFactorAssertion, FirebaseUIError, getTranslation } from "@firebase-ui/core";
+import { form } from "~/components/form";
+import { useMultiFactorTotpAuthVerifyFormSchema, useUI } from "~/hooks";
+
+export function useTotpMultiFactorAssertionFormAction() {
+  const ui = useUI();
+
+  return useCallback(
+    async ({ verificationCode, hint }: { verificationCode: string; hint: MultiFactorInfo }) => {
+      const assertion = TotpMultiFactorGenerator.assertionForSignIn(hint.uid, verificationCode);
+      return await signInWithMultiFactorAssertion(ui, assertion);
+    },
+    [ui]
+  );
+}
+
+type UseTotpMultiFactorAssertionForm = {
+  hint: MultiFactorInfo;
+  onSuccess: () => void;
+};
+
+export function useTotpMultiFactorAssertionForm({ hint, onSuccess }: UseTotpMultiFactorAssertionForm) {
+  const action = useTotpMultiFactorAssertionFormAction();
+  const schema = useMultiFactorTotpAuthVerifyFormSchema();
+
+  return form.useAppForm({
+    defaultValues: {
+      verificationCode: "",
+    },
+    validators: {
+      onSubmit: schema,
+      onBlur: schema,
+      onSubmitAsync: async ({ value }) => {
+        try {
+          await action({ verificationCode: value.verificationCode, hint });
+          return onSuccess();
+        } catch (error) {
+          return error instanceof FirebaseUIError ? error.message : String(error);
+        }
+      },
+    },
+  });
+}
+
+type TotpMultiFactorAssertionFormProps = {
+  hint: MultiFactorInfo;
+  onSuccess?: () => void;
+};
+
+export function TotpMultiFactorAssertionForm(props: TotpMultiFactorAssertionFormProps) {
+  const ui = useUI();
+  const form = useTotpMultiFactorAssertionForm({
+    hint: props.hint,
+    onSuccess: () => {
+      props.onSuccess?.();
+    },
+  });
+
+  return (
+    <form
+      className="fui-form"
+      onSubmit={async (e) => {
+        e.preventDefault();
+        e.stopPropagation();
+        await form.handleSubmit();
+      }}
+    >
+      <form.AppForm>
+        <fieldset>
+          <form.AppField name="verificationCode">
+            {(field) => (
+              <field.Input
+                label={getTranslation(ui, "labels", "verificationCode")}
+                type="text"
+                placeholder="123456"
+                maxLength={6}
+              />
+            )}
+          </form.AppField>
+        </fieldset>
+        <fieldset>
+          <form.SubmitButton>{getTranslation(ui, "labels", "verifyCode")}</form.SubmitButton>
+          <form.ErrorMessage />
+        </fieldset>
+      </form.AppForm>
+    </form>
+  );
 }

packages/react/src/auth/forms/multi-factor-auth-assertion-form.tsx

@@ -15,17 +15,17 @@ export function MultiFactorAuthAssertionForm() {
   }
 
   // If only a single hint is provided, select it by default to improve UX.
-  const [factor, setFactor] = useState<MultiFactorInfo | undefined>(
+  const [hint, setHint] = useState<MultiFactorInfo | undefined>(
     resolver.hints.length === 1 ? resolver.hints[0] : undefined
   );
 
-  if (factor) {
-    if (factor.factorId === PhoneMultiFactorGenerator.FACTOR_ID) {
-      return <SmsMultiFactorAssertionForm hint={factor} />;
+  if (hint) {
+    if (hint.factorId === PhoneMultiFactorGenerator.FACTOR_ID) {
+      return <SmsMultiFactorAssertionForm hint={hint} />;
     }
 
-    if (factor.factorId === TotpMultiFactorGenerator.FACTOR_ID) {
-      return <TotpMultiFactorAssertionForm />;
+    if (hint.factorId === TotpMultiFactorGenerator.FACTOR_ID) {
+      return <TotpMultiFactorAssertionForm hint={hint} />;
     }
   }
 
@@ -34,11 +34,11 @@ export function MultiFactorAuthAssertionForm() {
       <p>TODO: Select a multi-factor authentication method</p>
       {resolver.hints.map((hint) => {
         if (hint.factorId === TotpMultiFactorGenerator.FACTOR_ID) {
-          return <TotpButton key={hint.factorId} onClick={() => setFactor(hint)} />;
+          return <TotpButton key={hint.factorId} onClick={() => setHint(hint)} />;
         }
 
         if (hint.factorId === PhoneMultiFactorGenerator.FACTOR_ID) {
-          return <SmsButton key={hint.factorId} onClick={() => setFactor(hint)} />;
+          return <SmsButton key={hint.factorId} onClick={() => setHint(hint)} />;
         }
 
         return null;